[RFC] drm/radeon: userfence IOCTL

Serguei Sagalovitch serguei.sagalovitch at amd.com
Mon Apr 13 08:52:19 PDT 2015 

 > Given that the userspace wait fence ioctl has not way to know which 
command buffer it is really waiting after then kernel has no knowledge 
of if this user fence will signal at all.
We could pass BO handle as  parameter in the "fence ioctl" to rely on it 
so kernel will know which BO  it is waiting.


 > So a malicious user space (we always have to assume this thing exist) 
could create a big VRAM BO and effectively pin it in VRAM leading to a 
GPU DOS (denial of service).
This problem  always exists. Malicious user space could allocate big BO 
and then submit shader running in loop which read/write from this BO.  
It could also spawn processes which will do the same thing. IMHO the 
only way to improve situation is  to have GPU Scheduler to allow 
"unloading" such application.

Sincerely yours,
Serguei Sagalovitch

On 15-04-13 11:39 AM, Jerome Glisse wrote:
> On Mon, Apr 13, 2015 at 11:25:30AM -0400, Serguei Sagalovitch wrote:
>>> the BO to be kept in the same place while it is mapped inside the kernel
>> page table
>> ...
>>> So this requires that we pin down the BO for the duration of the wait
>> IOCTL.
>>
>> But my understanding is that it should be not duration of "wait" IOCTL but
>> "duration" of command buffer execution.
>>
>> BTW: I would assume that this is not the new scenario.
>>
>>   This is scenario:
>>      - User allocate BO
>>      - User get CPU address for BO
>>      - User submit command buffer to write to BO
>>      - User could "poll" / "read" or "write" BO data by CPU
>>
>> So when  TTM needs  to move BO to another location it should also update CPU
>> "mapping" correctly so user will always read / write the correct data.
>>
>> Did I miss anything?
> No this is how things works. But we want to avoid pinning buffer.
> One use case for this userspace fence is i assume same BO same
> user fence use accross several command buffer. Given that the
> userspace wait fence ioctl has not way to know which command
> buffer it is really waiting after then kernel has no knowledge
> of if this user fence will signal at all. So a malicious user
> space (we always have to assume this thing exist) could create
> a big VRAM BO and effectively pin it in VRAM leading to a GPU
> DOS (denial of service).
>
> By the way Christian, i would add a timeout to this ioctl and
> return eagain to userspace on timeout so that userspace can
> resumit. That way a malicious userspace will just keep exhausting
> its cpu timeslot.
>
> Cheers,
> Jérôme

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/dri-devel/attachments/20150413/4bfb98f2/attachment-0001.html>

More information about the dri-devel mailing list